Outfire Browser

By GoldSparrow in Adware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 7
First Seen: September 14, 2016
Last Seen: December 11, 2020
OS(es) Affected: Windows

The Outfire Browser is a fake version of the Google Chrome Web browser that has been linked to a recent threat campaign. It has gained notoriety because of its use of a new technique, known as UAC bypass, to infiltrate computer users' machines and install itself. If the Outfire Browser has been installed on your computer, it is important to understand that it is a bogus version of Google Chrome designed mainly to expose its victims to advertising material. Most importantly, its presence may indicate that your computer was compromised by the associated Trojan infection, which in turn may indicate the presence of other threats or issues on the targeted computer.

The Outfire Browser and Its Associated Threat Campaign

The Trojan associated with the Outfire Browser is known as Mutabaha. It appears that a technique known as UAC bypass is used to install the Outfire Browser on the targeted computer. When the Outfire Browser is installed, it replaces the victim's Google Chrome Web browser. The Outfire Browser is, in fact, very closely related to Google Chrome: it is based on Chromium and looks very similar to it. However, it has been heavily modified by the people responsible for this attack so as to deliver advertisements and carry out other unwanted tasks on the user's computer. PC security analysts strongly advise computer users to avoid using the Outfire Browser. However, since the Outfire Browser closely resembles Google Chrome, many computer users may not be aware that the Outfire Browser is being used in the attack.

Tracking the Mutabaha Trojan Infection and Its Resulting Outfire Browser Installation

The Mutabaha campaign was first observed between August 15 and 18 of 2016. It is currently unknown exactly how the Outfire Browser is being distributed to victims' computers. However, the method used by the Outfire Browser in its attack is fairly well-known now. The Outfire Browser uses the UAC bypass to execute harmful commands on the user's computer without triggering Windows User Account Control (UAC), so no error message or alert appears.

The UAC bypass technique used by Mutabaha was discovered by PC security analysts only recently, on August 15. It seems that this attack takes advantage of the Windows Event Viewer's capacity to bypass the UAC alerts and any protective feature on the victim's computer. Only a couple of days after the UAC bypass technique was discovered and published, the Mutabaha attack, which uses this method to infect the victim's computer with threats, started to appear in the wild. During its attack, Mutabaha uses a system Registry key to launch a program with abnormal user privileges that then downloads and installs a BAT file and a Trojan dropper. The Trojan dropper downloads and installs the Outfire Browser on the victim's computer, and then the BAT file deletes the Trojan dropper to obscure the method of attack.
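One way to hunt for the Event Viewer behavior described above in process-creation telemetry, as an added example that is not part of the original write-up: Event Viewer normally starts only the MMC host, so any other child process of eventvwr.exe is worth a look. The log records are constructed, the field names follow Sysmon Event ID 1, and the default C: install paths and the function name are assumptions.

```python
import json
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample log (not from the page), one JSON record per line, using
# Sysmon Event ID 1 (process creation) field names. Paths are placeholders.
SAMPLE_EVENTS = r"""
{"ParentImage": "C:\\Windows\\System32\\eventvwr.exe", "Image": "C:\\Windows\\System32\\mmc.exe", "IntegrityLevel": "High"}
{"ParentImage": "C:\\Windows\\System32\\eventvwr.exe", "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\placeholder.exe", "IntegrityLevel": "High"}
{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Browser\\browser.exe", "IntegrityLevel": "Medium"}
{"ParentImage": "C:\\Windows\\System32\\eventvwr.exe", "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\mmc.exe", "IntegrityLevel": "Medium"}
this line is truncated {"ParentImage":
"""

# Assumption: Windows is installed on C: in the default location. Event Viewer
# is a thin launcher that normally starts only the MMC host from these paths.
EXPECTED_CHILDREN = {
    r"c:\windows\system32\mmc.exe",
    r"c:\windows\syswow64\mmc.exe",
}

def suspicious_eventvwr_children(log_text):
    """Return (child_image, elevated) for each unexpected child of eventvwr.exe."""
    hits = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if not isinstance(event, dict):
            continue
        parent = basename(str(event.get("ParentImage", ""))).lower()
        child = str(event.get("Image", ""))
        if parent != "eventvwr.exe" or child.lower() in EXPECTED_CHILDREN:
            continue
        # A High or System integrity child inherited elevation from the
        # auto-elevating Event Viewer, with no UAC prompt shown for it.
        elevated = event.get("IntegrityLevel") in ("High", "System")
        hits.append((child, elevated))
    return hits

if __name__ == "__main__":
    for image, elevated in suspicious_eventvwr_children(SAMPLE_EVENTS):
        print(f"eventvwr.exe spawned {image} (elevated={elevated})")
```

Comparing the full child path rather than only the file name also catches a binary that is merely named mmc.exe but runs from a user-writable folder, as in the fourth sample record.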

The Outfire Browser’s Corrupted Web Browser Itself

The Outfire Browser is designed to replace Google Chrome on the victim's computer. During the Trojan attack, the Outfire Browser is installed, and any trace of the Trojan dropper is deleted automatically. The Outfire Browser is associated with a Windows Registry entry that allows it to run automatically and persist on the victim's computer when Windows restarts. Registry modifications associated with the Outfire Browser will also delete Google Chrome shortcuts and import Chrome settings into the Outfire Browser to further hide that it is not a legitimate Web browser. While being installed, the Outfire Browser will kill all processes associated with other known Web browsers.